5 Replies Latest reply on Jan 15, 2015 10:59 AM by Ivo Vávra

    Windows Non-Security Updates

    Ivo Vávra



      I would like to know, if it is possible to get some details about the process of the Patch Catalogue update. I know that it gains a list of patches from Shavlik. But is there any advanced notification of what will be added to the catalogue? We are able to track security updates due to regular MS Security Bulletins, but I am not sure how to get advanced info about non-security patches, tools and service packs. I can see Bulletin IDs and their numbering like GACU, GAUR81, MSWU, MSSL etc. But is there any complete list (and description of what it means) available for public? I can't ask Shavlik directly, as we have no contract nor agreement with them. My approach is to replace WSUS with BSA, so I would need to know how it reflects/alligns to Windows Auto Update service. I need to be able to create Smart groups with non-security updates according the their ranking and severity. I would need to know if these updates have been somehow tested before adding to Shavlik's xml and then to BMC catalogue. Thank you so much in advance for any kind of advisory or hint!

        • 1. Re: Windows Non-Security Updates
          Jim Wilson

          Sign up for Shavlik Content Updates:



          Or, send a blank email to subscribe-shavlik-xml@listserv.shavlik.com.


          They also have a Twitter Feed: @ShavlikXML


          None of these require any contract or agreement with Shavlik

          1 of 1 people found this helpful
          • 2. Re: Windows Non-Security Updates
            Ivo Vávra

            THX. But I would like to know how Shavlik receives patches from MS. If it can be trusted and we can use BSA similar way as we use WSUS. If detection of missing patches is identical. I also want to be able to see the history and not only the future.
            I would also like to know what exactly means shortcuts/Bulletin IDs like GACU, GAUR81 etc. How many of Bulletin IDs do exist? Is there any database of that.


            You know, someone has had to agree the process with Shavlik. Shavlik has its service description and there should be explanation of these terms... I can also see that it doesnt contain only MS software. So we definitelly need to know all types of Bulletin IDs.

            • 3. Re: Windows Non-Security Updates
              Bill Robinson

              the patches always come from microsoft.  shavlik provides metadata to determine if a particular patch applies to a particular system.  the metadata is based on the information in the bulletin published on the microsoft site such as file versions and other information about the files included in the patches.  all of the bulletin IDs are from microsoft or whatever vendor the patch is for so you'd need to check w/ the os/software vendor for a list of the bulletins. for example a quick google of 'adobe security bulletins' takes me here: Security Bulletins and Advisories


              not sure what you mean about history and future.  shavlik often returns different results than WSUS, as would any of the other patch tools (patchlink, gfi, etc).  we believe that shavlik provides the most accurate results which is why we OEM their engine.  if there is a question about why shavlik thinks a patch should apply to a target or not there is debug information you can gather via bsa and inspect.   

              • 4. Re: Windows Non-Security Updates
                Jim Wilson

                You can review Shavlik Webinar "Shavlik Protect: Patching Beyond WSUS"



                BMC embed the Shavlik SDK which has the same analytical engine as Shavlik Protect product.

                • 5. Re: Windows Non-Security Updates
                  Ivo Vávra

                  I was probably looking for this https://support.microsoft.com/kb/894199 and references to previous years (history) at the end of that page. So now, I can combine shavlik xml with this link and get some overview. Shortcuts for Bulletin IDs are still not clear, but I suppose that it will be something like Global Automatic Update Rollup, Global Automatic Content Update, MS SilverLight, MS Windows Update etc.


                  Thank you all for your effort!